Hi William,
----- Original Message ----- From: "William R. Mussatto" Sent: Friday, November 07, 2003 12:49 PM Subject: Re: aes encryption bug > Paul DuBois said: > > > > Okay, I investigated this further and I believe I know the cause of the > > problem. The solution is to use a TINYBLOB NOT NULL rather than > > a VARCHAR(16) NOT NULL. > > > > Here's what's going on: > > > > - The particular encrypted value you calculate ends with 0x20. That is, > > the same value as a space character. > > - Trailing spaces are trimmed from values stored in VARCHAR columns. - > > That means when you retrieve the value, it's 15 bytes long, and is no > > longer a legal encrypted value. > > - AES_DECRYPT() returns NULL for illegal encrypted values. > > > > Can you instead use CHAR(16) instead of VARCHAR(16)? No, because > > the trailing space would still be trimmed *when the value is retrieved*, > > and you'd still get NULL from AES_DECRYPT(). > > > > Use a TINYBLOB instead. Trailing spaces won't be trimmed when the value > > is stored, or when it is retrieved. AES_DECRYPT() will work. > > > > In general, you shouldn't try to use CHAR/VARCHAR for encrypted values > > or other forms of binary data. Use BLOB columns instead. > > > > So a char(16) binary would work fine as well? No, since it's a CHAR, trailing spaces would still be removed on retrieval. BINARY would only make it case-sensitive, not change the behavior of CHAR. Matt -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]